It is a detailed account of the progression of activities leading to the discovery of the backdoor. Denis also speculates about how the hack might have occurred, how the hacker might have progressed from a freelance WordPress developer to the dark side, and indeed, who the hacker might be (names he uses).
There are several recommended steps to mitigate the situation. The top four are:
- Replace the current version of Custom Content Type Manager with version 0.9.8.9, which is the most current clean version.
- Replace ALL WordPress core files with a fresh install: delete the existing files (which have probably been hacked) and replace them with a fresh install of the core files.
- Change the passwords of ALL users.
- Delete the users that are unknown to you and look suspicious.
Six to eight steps are suggested in the Mitigation section of the article. Scroll to the bottom of the article, just above the author’s byline.
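
The four steps listed above can be checked from the command line. The read-only audit script below is an added example, not code from the article or the plugin's authors. It assumes WP-CLI is available as `wp` and run from the site root, that the plugin's slug is `custom-content-type-manager`, and that `known-users.txt` is a hypothetical file listing the logins you expect, one per line.

```shell
#!/bin/sh
# Added example (not from the article): read-only audit of the four steps via WP-CLI.
# Assumptions: `wp` is WP-CLI run from the site root; the plugin slug below;
# the allow-list file of expected logins (one per line) is hypothetical.
CLEAN_VERSION="0.9.8.9"                      # clean version named in the article
PLUGIN_SLUG="custom-content-type-manager"    # assumed wordpress.org slug

# Step 1: succeeds only if the installed plugin is exactly the clean version.
plugin_is_clean() {
  _v="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || return 2
  [ "$_v" = "$CLEAN_VERSION" ]
}

# Step 2: succeeds only if core verifies against official checksums with no
# warnings (a warning can flag an unexpected file sitting among core files).
core_is_intact() {
  _out="$(wp core verify-checksums 2>&1)" || return 1
  ! printf '%s\n' "$_out" | grep -q '^Warning:'
}

# Step 4: prints logins that exist on the site but are not in the allow-list.
unknown_users() {
  wp user list --field=user_login | grep -vxFf "$1"
}

# Prints one line per step that still needs attention; changes nothing on the site.
audit() {
  plugin_is_clean || echo "STEP 1: install $PLUGIN_SLUG $CLEAN_VERSION over the current copy"
  core_is_intact  || echo "STEP 2: core files fail verification; replace them with a fresh install"
  echo "STEP 3: reset passwords for all $(wp user list --format=count) users"
  unknown_users "$1" | sed 's/^/STEP 4: review before deleting: /'
}

if [ "${1:-}" = "--audit" ]; then
  audit "${2:?usage: $0 --audit known-users.txt}"
fi
```

A passing checksum check only covers core files, so it does not replace the fresh core install the list calls for; it tells you whether tampering is already visible.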